AutoEnrollment errors

Status
Not open for further replies.

irbk

MIS
Oct 20, 2004
578
US
So I've done a bunch of searching and can't find a solution to this issue. Hoping that someone here might have an answer. Just recently, one of my Server 2003 boxes started throwing the following 2 errors.
Code:
Event Type:	Error
Event Source:	AutoEnrollment
Event Category:	None
Event ID:	16
Date:		7/16/2008
Time:		3:11:22 PM
User:		N/A
Computer:	<ServerName>
Description:
Automatic certificate enrollment for local system failed to renew one Domain Controller certificate (0x80070057).  The parameter is incorrect.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Followed by
Code:
Event Type:	Error
Event Source:	AutoEnrollment
Event Category:	None
Event ID:	13
Date:		7/16/2008
Time:		3:11:22 PM
User:		N/A
Computer:	<ServerName>
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070057).  The parameter is incorrect.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I've tried using gpupdate /force but all that seems to do is cause the error to happen again. Any ideas? Thanks in advance!
 
I looked at that KB and I don't think that is my problem. We have not installed a new CA in nearly 3 years and these issues just started happening.
 
Stumbling through the rabbit hole that is the web, I find myself in the "Certificates (Local Computer)" MMC snap-in. I drill into the "Personal" folder, then into the "Certificates" folder. In here I see the certificate issued to this server, from our CA, with an expiration date of 8.23.2008. I right-click on the certificate, point to "All Tasks" and select "Renew Certificate with Same Key..." I then get a Certificate Renewal Wizard box with the error "Windows cannot communicate with the remote computer via key service." I tested this same procedure on another server and it worked with no issues. So it doesn't seem to be a problem on my CA server, but on this server in particular. Any ideas? Thanks.
 
Well, I think I might have found it! Somehow, the "Cryptographic Services" service on the server having issues was changed from "Automatic" to "Manual". So the service was not running. After checking a few other servers and seeing that this should be set to "Automatic" and the service should be running, I started the service on the problem server. Then when I went to try and renew the certificate, voilà! Success!

I don't have the vaguest idea how the cryptographic services would have been set to manual to begin with. I know when we first installed this server, we were having quite the issues with MSDTC throwing DCOM errors. Ended up having to call Microsoft and paying them their 16 pieces of silver and it took Microsoft 3 hours to fix! I wonder if they may have turned it off during the attempt to fix and never turned it back on.

Hopefully this post will be of use to someone else!
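
Added example, not part of the original thread: a Windows PowerShell check for the condition found above, reporting the "Cryptographic Services" service (CryptSvc) start mode and state on each server together with recent AutoEnrollment errors 13 and 16. The function name, parameters and default values are hypothetical; it assumes WMI and remote event log access to the servers.

```powershell
# Added example: audit CryptSvc and AutoEnrollment errors 13/16 (hypothetical helper).
# Assumes Windows PowerShell and admin rights on the target servers.
function Test-CryptSvcForAutoEnrollment {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$Days = 7,      # how far back to look for AutoEnrollment errors
        [switch]$Fix         # set start mode to Automatic and start the service
    )
    foreach ($computer in $ComputerName) {
        $filter = "Name='CryptSvc'"
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $computer -Filter $filter
        if (-not $svc) {
            Write-Warning "CryptSvc could not be queried on $computer"
            continue
        }
        # Event ID 16 = renewal failed, 13 = enrollment failed (the two errors in the thread).
        $events = @(Get-EventLog -LogName Application -Source AutoEnrollment -EntryType Error `
                        -ComputerName $computer -After (Get-Date).AddDays(-$Days) `
                        -ErrorAction SilentlyContinue |
                    Where-Object { 13, 16 -contains $_.EventID })

        $healthy = ($svc.StartMode -eq 'Auto') -and ($svc.State -eq 'Running')
        $fixResult = 'not attempted'
        if ($Fix -and -not $healthy) {
            # Win32_Service methods return 0 on success; StartService returns 10 if already running.
            $mode  = $svc.ChangeStartMode('Automatic').ReturnValue
            $start = $svc.StartService().ReturnValue
            $fixResult = "ChangeStartMode=$mode StartService=$start"
            # Re-read the service so the report shows the state after the change.
            $svc = Get-WmiObject -Class Win32_Service -ComputerName $computer -Filter $filter
        }
        New-Object PSObject -Property @{
            Computer         = $computer
            StartMode        = $svc.StartMode   # expected: Auto
            State            = $svc.State       # expected: Running
            EnrollErrors13   = @($events | Where-Object { $_.EventID -eq 13 }).Count
            RenewErrors16    = @($events | Where-Object { $_.EventID -eq 16 }).Count
            LastError        = ($events | Select-Object -First 1).TimeGenerated
            Fix              = $fixResult
        }
    }
}

# Report only; add -Fix to correct a server whose service is Manual or stopped.
Test-CryptSvcForAutoEnrollment | Format-List
```

A server that shows StartMode "Manual" or State "Stopped" alongside non-zero error counts matches the situation in this thread; once the service is running, retry the certificate renewal from the Certificates snap-in.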
 